It is known to utilize transaction systems where through funds/payment can be transmitted from one part to another, the parties having agreements and accounts with a vendor, bank, credit supplier or other financial institution. The transaction system requires at least an identification of the two parties, account details for the two parties and an order from the paying part to perform the transaction.
The two parties can be a purchaser and a retailer where funds are to be moved from the purchaser to the retailer as for instance payment for goods, services and the like. The purchaser is present at a point of sale belonging to the retailer. It is then known that the purchaser identifies himself at the point of sell and that the point of sell transmits required information to the transaction system, which is information identifying the buyer/purchaser, the seller/retailer and the sum of money that is to be transferred.
There are many known manners to identify the purchaser at the point of sale. The most common manner is for the purchaser to identify himself with some kind of credit or bank card in combination with an identification card or a personal code provided by the purchaser to the point of sale. A credit or bank card can be a smart card which can communicate with the point of sale and thereby identify the purchaser. A smart card, or unique information from a SIM card in a mobile device, such as a telephone number, can be utilized in combination with a personal code, preventing the use of the smart card or mobile device by anyone else but the rightful user.
It is also known that purchasers having a mobile device, such as a smart phone or any other kind of mobile computer, through which it is possible to identify the purchaser. Such mobile device can be adapted to identify the purchaser to the point of sale by means of radio frequency identification (RFID) or near field communication (NFC). Many times these mobile devices are adapted to data communication via Internet or a cell phone network in which case the mobile device has a subscriber identity module (SIM card) through which both the device and the purchaser can be identified. It is known to utilize the possibilities to read the SIM card remotely from a point of sale by means of RFID or NFC and thereby obtaining information on the identity of the purchaser.
Regardless of how the purchaser identifies himself at the point of sale, the match between the purchaser and the retailer is made at the point of sale and required information is transmitted from the point of sale to the transaction system where the transaction can be made.
Confirmation of the performed transaction is transmitted from the transaction system to the point of sale and the point of sale provides a receipt to the purchaser. It is a technical problem to identify both purchaser and retailer at a point of sale so that required information for the transfer of funds in a transaction system can be gathered in a safe and secure manner.
The use of mobile devices is increasing and a demand is rising to use these devices for the identification of a purchaser at a point of sale. It is an economical investment to provide means for communication between the point of sale and the mobile device of a purchaser. The increased hardware complexity for the point of sale also means increased support and service in order to provide a safe and reliable use of this technology.
It is thus a problem to provide the possibility to identify the purchaser by means of a mobile device at a point of sale utilizing remote communication between the mobile device and the point of sale. Moreover, it is a problem that a purchaser has to provide the point of sale with secret information such as a personal identity code (PIN). Although a cashier at the point of sale is unable to read such secret information, it is transmitted from the point of sale (POS), and can be eavesdropped or manipulated.
Patent application documents US 2008/222048 A1 (048') to Higgins et al, US 2005/096011 A1 (011') to Youshida et al, EP 2 088 549 A1 (549'), US 2005/102233 A1 (233') to Shu et al, and US 2010/320266 A1 (266') to White, which in large describe electronic payment systems that are inherently insecure due to that a retailer and purchaser device communicate directly, and thus expose PIN-codes and identities to theft/eavesdropping. In the present inventions in accordance with the below solution, a retailer and a buyer only communicate with a transaction system utilizing for instance encryption and private keys on their own devices. This solution is not disclosed in the application documents 048', 011', 549', 233', and 266' mentioned in the latter,
In order to accomplish a full payment traceability, and authentication, the solution according to the below embodies a payer centric public key infrastructure (PKI) solution where communication is signed and where the transaction server keeps records over payer certificates, this problem is not addressed in 048', 011', 549', 233', and 266'. A PKI solution is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
Utilizing an SMS as authentication mechanism as in 048' is not secure. Hence, the present invention as described below improves over this solution by encrypting all communication end-to-end without directly connecting a purchaser and retailer. Thus it eliminates the need for insecure, unchecked communication between MCD and MPD such as disclosed by 048'.
The 011' patent application document is a specifically web-based solution involving a sales person as an operator. This is not required by the present invention as disclosed below where web input or operator supervision is not necessary/impossible, as the purchaser as described below is at a point of sale or in front of a point of sale. In the solution according to the present invention a retailer posts a bill automatically to an invention transaction system and the purchaser receives payment information such as receipts without having to enter a web page.
Document 549' depends on a Credit Card Clearing House (CCCH), whereas the solution to the present invention is independent of any specific CCCH and instead embodies a transaction server, which directly communicates with banks and/or value store accounts.
Application document 233' utilizes a display to provide information to a phone from a vending machine. The present invention differs from this solution by having a sticker-code identifying a point of sale and handing information between seller and buyer in a transaction server. Also, the mobile device described in 233' communicates with a vendor server via an URL, not directly to a transaction server, thus only function as a web-redirect, not a trusted payment processor.
The 266' document discloses single sided communication, and fails to solve the problem of providing information from the point of sale via a transaction server, so it is hard for a purchaser to verify that the amount and bill corresponds to the correct cash-register, as depicted in 266' image 1, S221-S223.
In the present inventions solution as described below, the mobile device is capable of receiving a digital receipt of the payment from the transaction service transmitted and signed from the selling cash-register. Documents 048', 011', 549', 233', and 266' rely on the cash-register to print a receipt, thus knowing/registering the purchasers particulars such as bank account, name, and even their PIN code although encoded.